<?php
class access{
	var $uid;
	var $email;
	var $password;
	
	function add_user_access($user_id,$email,$password){
		$this->uid      = $user_id;
		$this->email    = $email;
		$this->password = $password;
		mysql_query("INSERT INTO access VALUES($this->uid,'$this->email',md5('$this->password'))");
		//here we create an initial directory to the user
		$query = "insert into articles values('','0','Root','',1,1,$user_id)";
        $res = mysql_query($query);
	}
	
	function check_email($email){
		$query = "SELECT * FROM access WHERE email = '$email'";
		$res = mysql_query($query);
		$num = mysql_num_rows($res);
		return $num;
	}
	
	function check_access($email,$password){
		$num = $this->check_email($email);  //double level security to even SQL injection.. 
		if($num > 0)
		{
		  $res = mysql_query("SELECT * FROM access WHERE password = md5('$password') and email = '$email'");
		    if(mysql_num_rows($res) > 0){ 
		      $obj = mysql_fetch_object($res);
		      return $obj->id_user_fkn;
		    }
		    else 
		       return  "-2";  
		}      
		 else 
		   return "-1";
	}
}
?>